Search

US-20260128587-A1 - ELECTRICAL KILLSWITCH

US20260128587A1US 20260128587 A1US20260128587 A1US 20260128587A1US-20260128587-A1

Abstract

A system for cutting power to one or more powered devices comprises an actuator which controls the power to the one or more powered devices. The actuator is, or one or more controllers connected to the actuator are, configured to receive a kill command over a network and the actuator is configured to cut power to the one or more powered devices when the actuator or at least one of the one or more controllers receives the kill command. The actuator is, or the one or more controllers are, configured to receive a heartbeat signal over the network and the actuator is configured to cut power to the one or more powered devices when the actuator, or all of the controllers if applicable, are no longer receiving the heartbeat signal.

Inventors

  • Dennis Fleurbaaij

Assignees

  • OPTIVER IP B.V.

Dates

Publication Date
20260507
Application Date
20231003
Priority Date
20221004

Claims (19)

  1. 1 . A system for cutting power to one or more powered devices, said system comprising: an actuator which controls the power to said one or more powered devices, wherein said actuator is, or one or more controllers connected to said actuator are, configured to receive a kill command over a network and said actuator is configured to cut power to said one or more powered devices when said actuator, or at least one of said one or more controllers, receives said kill command, and wherein said actuator is, or said one or more controllers are, configured to receive a heartbeat signal over said network and said actuator is configured to cut power to said one or more powered devices when said actuator is, or all of said one or more controllers are, no longer receiving said heartbeat signal.
  2. 2 . The system as claimed in claim 1 , wherein said system comprises said one or more controllers, said one or more controllers comprise multiple controllers, and said multiple controllers are connected to said actuator, wherein said multiple controllers are configured to receive said kill command over said network and said actuator is configured to cut power to said one or more powered devices when at least one of said multiple controllers receives said kill command, and wherein said multiple controllers are configured to receive a heartbeat signal over said network and said actuator is configured to cut power to said one or more powered devices when all of said multiple controllers are no longer receiving said heartbeat signal.
  3. 3 . The system as claimed in claim 2 , wherein said system comprises said one or more controllers and each respective controller of said one or more controllers is configured to receive said heartbeat signal over said network and, upon determining that said respective controller is no longer receiving said heartbeat signal, stop transmitting a signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator is not receiving said signal from any of said one or more controllers.
  4. 4 . The system as claimed in claim 3 , wherein each respective controller of said one or more controllers is configured to, upon determining that said respective controller has received said kill command, stop transmitting said signal to said actuator and prevent said actuator from receiving said signal from any one other controller of said one or more controllers.
  5. 5 . The system as claimed in claim 4 , wherein each respective controller of said one or more controllers is configured to generate a watchdog signal, receive said watchdog signal, and, upon determining that said respective controller is no longer receiving said watchdog signal, stop transmitting said signal to said actuator.
  6. 6 . The system as claimed in claim 1 , wherein said system comprises said one or more controllers and each respective controller of said one or more controllers is configured to receive said heartbeat signal over said network and, upon determining that said respective controller is no longer receiving said heartbeat signal, transmit a signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator has received said signal from all of said one or more controllers.
  7. 7 . The system as claimed in claim 6 , wherein each respective controller of said one or more controllers is configured to transmit a further signal to said actuator upon determining that said respective controller has received said kill command, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator receives said further signal from at least one of said one or more controllers.
  8. 8 . The system as claimed in claim 7 , wherein each respective controller of said one or more controllers is configured to generate a watchdog signal, receive said watchdog signal, and, upon determining that said respective controller is no longer receiving said watchdog signal, transmit said signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator has received said signal from all of said one or more controllers.
  9. 9 . The system as claimed in claim 1 , wherein said system comprises said one or more controllers and said actuator is configured to cut power to said one or more powered devices when it loses connection to all of said one or more controllers.
  10. 10 . The system as claimed in claim 1 , wherein said system further comprises a further actuator which controls the power to one or more further powered devices, said further actuator is connected to said one or more controllers, said further actuator is configured to cut power to said one or more further powered devices when at least one of said one or more controllers receives said kill command, and said further actuator is configured to cut power to said one or more further powered devices when all of said one or more controllers are no longer receiving said heartbeat signal.
  11. 11 . The system as claimed in claim 10 , wherein said actuator, said further actuator, and said one or more controllers are connected to each other via a bus or a local network.
  12. 12 . The system as claimed in claim 1 , wherein said one or more controllers comprise a first controller and a second controller and said first controller and said second controller are powered by different power supplies.
  13. 13 . The system as claimed in claim 1 , wherein said actuator is powered from two independent mains sources.
  14. 14 . The system as claimed in claim 1 , wherein said system comprises said one or more controllers and each respective controller of said one or more controllers is configured to receive said heartbeat signal over said network and, upon determining that said respective controller is no longer receiving said heartbeat signal, stop transmitting a signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator is not receiving said signal from any of said one or more controllers.
  15. 15 . The system as claimed in claim 3 , wherein each respective controller of said one or more controllers is configured to generate a watchdog signal, receive said watchdog signal, and, upon determining that said respective controller is no longer receiving said watchdog signal, stop transmitting said signal to said actuator.
  16. 16 . The system as claimed in claim 2 , wherein said system comprises said one or more controllers and each respective controller of said one or more controllers is configured to receive said heartbeat signal over said network and, upon determining that said respective controller is no longer receiving said heartbeat signal, transmit a signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator has received said signal from all of said one or more controllers.
  17. 17 . The system as claimed in claim 16 , wherein each respective controller of said one or more controllers is configured to transmit a further signal to said actuator upon determining that said respective controller has received said kill command, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator receives said further signal from at least one of said one or more controllers.
  18. 18 . The system as claimed in claim 17 , wherein each respective controller of said one or more controllers is configured to generate a watchdog signal, receive said watchdog signal, and, upon determining that said respective controller is no longer receiving said watchdog signal, transmit said signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator has received said signal from all of said one or more controllers.
  19. 19 . The system as claimed in claim 6 , wherein each respective controller of said one or more controllers is configured to generate a watchdog signal, receive said watchdog signal, and, upon determining that said respective controller is no longer receiving said watchdog signal, transmit said signal to said actuator, and wherein said actuator is configured to cut power to said one or more powered devices when said actuator has received said signal from all of said one or more controllers.

Description

FIELD OF THE INVENTION The invention relates to a system for cutting power to one or more devices. BACKGROUND OF THE INVENTION In certain situations, it is important to cut power to a powered device with high reliability. For example, US2014/126594 discloses a killswitch system for a laser. As soon as the system detects a failure, it cuts power to the laser for safety reasons. In trading, this importance became apparent in 2012 when Knight Capital tried, but failed, to stop its trading systems. Cutting power to computer and network systems guarantees that they stop immediately, which guarantees the termination of misbehaving or unexpected behavior. While Power Distribution Units (PDUs) exist that can be switched on and off remotely, e.g. the APC Rack PDU 9000 switched (e.g. APDU9941), these PDUs are not designed to fail in an appropriate way; upon loss of connection they become uncontrollable themselves. SUMMARY OF THE INVENTION It is an objective of the invention to provide a system, which can cut power to a powered device, e.g. mounted in a rack, after loss of control over the powered device. In a first aspect of the invention, a system for cutting power to one or more powered devices comprises an actuator which controls the power to said one or more powered devices. Said actuator is, or one or more controllers connected to said actuator are, configured to receive a kill command over a network and said actuator is configured to cut power to said one or more powered devices when said actuator, or at least one of said one or more controllers, receives said kill command. Said actuator is, or said one or more controllers are, configured to receive a heartbeat signal over said network and said actuator is configured to cut power to said one or more powered devices when said actuator is, or all of said one or more controllers are, no longer receiving said heartbeat signal. Thus, the actuator will cut power if the actuator or controller is commanded to, and will also cut power if the actuator is not receiving the heartbeat signal or none of the one or more controllers is receiving the heartbeat signal. This killswitch system is an out-of-band system which may be used to power down most infrastructure in a colocation. No power means that the electrical devices connected to the switch will not be able to operate, which is the required effect. A killswitch system is preferably placed in the area of least change, which in co-locations are the racks and power distribution units. They are often installed only once at build time and are then stable for the lifetime of the rack, which can be decades. Racked equipment like servers and network connections changes at a much higher pace. When a heartbeat signal is no longer received over the network by the actuator or by a controller, this might imply that the actuator or the controller cannot receive kill commands either. In this situation, the actuator or the controller will fail-safe and shut off the power to the powered device(s) via the actuator. Said system may comprise said one or more controllers and said actuator may be configured to cut power to said one or more powered devices when it loses connection to all of said one or more controllers. This is an additional fail-safe. Said system may comprise said one or more controllers, said one or more controllers may comprise multiple controllers, and said multiple controllers may be connected to said actuator, wherein said multiple controllers are configured to receive said kill command over said network and said actuator is configured to cut power to said one or more powered devices when at least one of said multiple controllers receives said kill command, and wherein said multiple controllers are configured to receive a heartbeat signal over said network and said actuator is configured to cut power to said one or more powered devices when all of said multiple controllers are no longer receiving said heartbeat signal. If one or more controllers are used, it is especially beneficial to let multiple controllers control the one or more actuators. This may be used to provide redundancy in case of a single communication error. In this case, the actuator(s) will only cut power when all controllers fail to receive heartbeats. One controller receiving a kill command will cause all actuators to cut power, irrespective if the other controllers have received similar kill commands. It is also cost efficient to let a controller control multiple actuators. For example, said system may further comprise a further actuator which controls the power to one or more further powered devices, said further actuator may be connected to said one or more controllers, said further actuator may be configured to cut power to said one or more further powered devices when at least one of said one or more controllers receives said kill command, and said further actuator may be configured to cut power to said one or more further powered devices when al